Attacking underwater IT infrastructure: The ocean floor is becoming a cybersecurity battlefield

• Author:
• Author name

  Quantumrun Foresight
• August 3, 2023

Insight highlights

Underwater telecommunication cables, crucial for global internet traffic and electricity sharing, are increasingly vulnerable to assaults and espionage activities. Some nations exploit such infrastructure for geopolitical control, leading to concerns about information interception and potential service disruptions. The long-term implications of these underwater IT attacks may include eroded public trust in digital security, increased cybersecurity costs and demands, heightened geopolitical tensions, potential environmental damage, and stricter governmental regulations.

Attacking underwater IT infrastructure context

Undersea cables provide a channel for countries to share electricity and for individuals to access the internet. TeleGeography, a data analysis firm, suggests that nearly 95 percent of all global internet traffic has a portion of its journey underwater. This network is facilitated by extensive, waterproof ductwork. There are approximately 530 operational or planned underwater telecommunication cables worldwide, but despite their importance, they're also susceptible to assault. 

Russia's Main Directorate of Deep-Sea Research, or GUGI, exploits these underwater information technology systems for espionage. The US Department of Justice has cautioned against establishing the Pacific Light Cable Network, a joint venture between American and Chinese companies designed to link America to Hong Kong, due to its potential to serve as an espionage hub. Concerns over subsea cable systems being targeted arose after the Nord Stream 1 and 2 gas pipelines from Russia to Europe under the Baltic Sea were devastated by explosions (2023).

Christian Bueger, a Professor of International Relations at the University of Copenhagen, co-authored a study on Europe's subsea cable vulnerabilities before the Nord Stream incident. He states that the European Union and the  North Atlantic Treaty Organization (NATO) are now actively working on strategies to enhance their surveillance and understanding of maritime activities, including those beneath the sea. He also emphasized the need for close collaboration among industry stakeholders, security policymakers, and the military, although aligning these diverse groups on best practices is challenging.

Disruptive impact

Numerous countries in the Indo-Pacific region have submarines with the capability to discreetly interfere with cables. Companies laying these cables could install covert entrances or surveillance devices. By breaching network management systems, assailants could take control of various cable management setups. Terrorists and criminal organizations could exploit cable vulnerabilities to disrupt essential services, hack databases, or cause chaos.

An even greater risk is the disturbance of cables at data junctions or landing points. For example, Sydney and Perth are Australia's primary cable landing locations. These sites could be subjected to power outages or explosive devices and are even vulnerable to missile attacks. Landing stations are susceptible to data interception and duplication, all while the transmitting and receiving parties remain unaware.

Underwater IT infrastructures can be critical geopolitical ammunition. A leaked draft of a maritime agreement between China and the Solomon Islands from 2022 indicates China's goal to foster a maritime community with a shared future by constructing docks, shipyards, and submarine cables for the Solomon Islands. This move exemplifies how some countries can orchestrate alliances to control important sea cables.

As such, countries will likely heavily invest in protecting their underwater cables, including using autonomous drones and conducting maritime military exercises. Australia's national system for protecting submarine cables is seen as a regional benchmark, providing security zones around cable routes and making interference with these cables a criminal act. 

Implications of attacking underwater IT infrastructure

Wider implications of attacking underwater IT infrastructure may include: 

• Repeated attacks eroding public trust in both the affected organizations and in the security of the digital world in general, leading to a wider social backlash against digital systems and pressure for stronger cybersecurity laws and practices.
• Higher insurance premiums for cyber risk, increased spending on cybersecurity measures, and potential lost business due to disruptions in service or loss of customer trust.
• Increased geopolitical tensions, provoking responses ranging from diplomatic protests to retaliatory cyberattacks or even military intervention.
• Certain regions becoming more susceptible to service interruptions and the negative impacts of these attacks due to the localization of IT infrastructure. 
• Cybersecurity and infrastructure management advancements, including developing cable materials resistant to tampering or explosions.
• A higher demand for cybersecurity professionals, especially those skilled in securing and maintaining underwater IT infrastructure. 
• Governments implementing stricter cybersecurity laws and regulations, imposing new obligations on businesses to safeguard their IT infrastructure. While this could improve the overall level of cybersecurity, it could also create compliance challenges for businesses and increase the complexity of operating in the digital space.

Questions to consider

• How is your country safeguarding its underwater cables?
• How might companies work together to ensure their IT infrastructures are resilient and secure?